cc86a3796593dd70c2f870cd9c7c03627e57349fe4fd83bd3e937eb755e9d6d7

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe
Size

43KB
MD5

415015eaf44cec463b97869c15030ae0
SHA1

2f5c18fd2008dabb879cb31170f135a845ddd2f6
SHA256

cc86a3796593dd70c2f870cd9c7c03627e57349fe4fd83bd3e937eb755e9d6d7
SHA512

442d55439e0732b6346444ceaaa5fdd01d9cc6adc43d369dcac663e0a1196704fe4bca5617d908a5ecc61b7e8453d492f92e50bddd3a11da929100c8fa50bed8
SSDEEP

768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6DyE9x3f1:bIDOw9a0Dwo3P1ojvUSD79R9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2516	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2120	415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2516	2120	415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe	28
PID 2120 wrote to memory of 2516	2120	415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe	28
PID 2120 wrote to memory of 2516	2120	415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe	28
PID 2120 wrote to memory of 2516	2120	415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\415015eaf44cec463b97869c15030ae0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
43KB

MD5
7699d1f287b70885eff941352ec61eb9

SHA1
01fa658c0c2a5ad9bbcbe05eff5e4e104b172b42

SHA256
4aa41c8410692cfa37810bdafe415879cd3fd39340b9c2ab86a28621c789c155

SHA512
d1d55d70965b73fdcd4fc1c003f87d2537d15474326ee09807a89c465e64d98685313ffc784497e5d9c7e231f543445d993f1779db38cba1656350e2c26d55db

Download Submit
memory/2120-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2120-8-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2120-1-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2516-15-0x0000000001CC0000-0x0000000001CC6000-memory.dmp

Filesize
24KB

Download
memory/2516-22-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download